Solution

After further investigation, I found that checking the 'Always trust software from '{vendor}' box actually imports a certificate into the Cert:\LocalMachine\TrustedPublisher store. On opening certlm.msc, I observed the following:

Pro tip: Export these certificates on a test machine. Programatically import the certificates before importing the drivers. Everything works perfectly!

The script is included below. It imports all certificates in C:\Drivers\Certificates and then imports all drivers in C:\Drivers\ sub-directories.